Steps Your Company Should Take After a Data Breach
Data breaches are all too common for organizations across the nation. Even companies with robust security measures in place are not immune. For this reason, knowing how to respond after a data breach is essential, whether you’re a small business or a large corporation. When you can respond quickly and effectively after a breach, you can avoid costly damages, protect your brand image, and resume operations with little delay. Here are the steps you should take after a data breach.
1. Secure Your Systems
As soon as you receive a data breach notification, begin isolating your network and any affected servers to prevent the attack from spreading. Take the network temporarily offline, change any access codes or logins, and revoke remote access for the time being. When changing passwords, use a complex combination of upper and lower-case letters, numbers, and special characters. Segregate all hardware devices to a separate network subnet and do not power them down (otherwise, you could lose critical volatile data). Quarantine any identified malware — do not delete or remove it until it has been analyzed and evidence has been extracted. Finally, make sure you document everything, from when and how you learned about the breach to all the actions you took to secure your systems, including dates and times when you changed passwords and remote access capabilities.
2. Investigate the Breach
As soon as your company is notified of a data breach, have your incident response team jump into action. You need to identify the source and extent of the breach. If you have an intrusion detection or prevention system, you can review its logs to pinpoint the source of the security breach as well as identify which files were affected and what the hacker did. Was financial information stolen? Did the hacker merely steal email addresses? Were they able to access credit card numbers? Questions like these are vital to a successful data breach recovery plan.
3. Preserve Evidence
While you must act quickly when a data breach occurs, you should not react hastily or irrationally. If you do not take the proper steps, you could destroy valuable evidence forensic examiners will need during an investigation. It’s all too common for organizations to wipe and re-install their systems before investigating the breach, leading to the devastating loss of evidence. If your IT team is not trained in computer forensics, it will be in your company’s best interest to hire an expert to preserve evidence and maintain the digital chain of custody. A digital forensic expert will be able to capture and analyze all traffic, effectively storing crucial data for litigation purposes and identifying the cause of the incident (whether it was malware, a firewall with an open port, an email phishing attack, old software, or an employee leaking sensitive data).
4. Notify the Public
One of the most important steps to take after company data has been compromised is to notify the affected parties. Some states have mandatory time frames you must follow when notifying people that their cardholder information has been compromised. Make sure you understand and follow your state laws when you make notifications. Seek legal counsel to ensure you provide information in a timely manner. If your team is still gathering information and working on a fix, you can offer updates as they become available.
5. Fix Your Systems
Now that you’ve preserved evidence and investigated the cause of the data breach, it’s time to improve your systems and strengthen your security. Ensure all affected systems are patched, replaced, and tested so that another cyber attack is less likely in the future.
6. Update Your Incident Response Plan
Now that the dust has settled, you should evaluate your incident response plan. Was your team able to respond in a timely manner? Did your IT staff have the knowledge and tools necessary to respond effectively? Were there any areas for improvement? Strategize with your team and then revise your incident response plan.
Get Expert Assistance Today
When your company is affected by a data breach, the consequences can be costly and devastating. However, if you have an effective incident response plan in place, you can mitigate potential costs and damages.
Have you recently suffered from a data security breach? The digital forensic experts at Cornerstone Discovery can help you investigate the incident and preserve critical evidence. Contact us today to learn more about our e-Discovery solutions in Montgomery County and the surrounding areas.